Show More
| @@ -1,98 +1,99 b'' | |||||
| 1 | #!/usr/bin/env python |
|
1 | #!/usr/bin/env python | |
| 2 | # encoding: utf-8 |
|
2 | # encoding: utf-8 | |
| 3 | # Model for permissions |
|
3 | # Model for permissions | |
| 4 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
|
4 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | |
| 5 |
|
5 | |||
| 6 | # This program is free software; you can redistribute it and/or |
|
6 | # This program is free software; you can redistribute it and/or | |
| 7 | # modify it under the terms of the GNU General Public License |
|
7 | # modify it under the terms of the GNU General Public License | |
| 8 | # as published by the Free Software Foundation; version 2 |
|
8 | # as published by the Free Software Foundation; version 2 | |
| 9 | # of the License or (at your opinion) any later version of the license. |
|
9 | # of the License or (at your opinion) any later version of the license. | |
| 10 | # |
|
10 | # | |
| 11 | # This program is distributed in the hope that it will be useful, |
|
11 | # This program is distributed in the hope that it will be useful, | |
| 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 14 | # GNU General Public License for more details. |
|
14 | # GNU General Public License for more details. | |
| 15 | # |
|
15 | # | |
| 16 | # You should have received a copy of the GNU General Public License |
|
16 | # You should have received a copy of the GNU General Public License | |
| 17 | # along with this program; if not, write to the Free Software |
|
17 | # along with this program; if not, write to the Free Software | |
| 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
| 19 | # MA 02110-1301, USA. |
|
19 | # MA 02110-1301, USA. | |
| 20 | """ |
|
20 | """ | |
| 21 | Created on Aug 20, 2010 |
|
21 | Created on Aug 20, 2010 | |
| 22 | Model for permissions |
|
22 | Model for permissions | |
| 23 | @author: marcink |
|
23 | @author: marcink | |
| 24 | """ |
|
24 | """ | |
| 25 |
|
25 | |||
| 26 | from rhodecode.model.db import User, Permission, UserToPerm, RepoToPerm |
|
26 | from rhodecode.model.db import User, Permission, UserToPerm, RepoToPerm | |
| 27 | from rhodecode.model.caching_query import FromCache |
|
27 | from rhodecode.model.caching_query import FromCache | |
| 28 | from rhodecode.model.meta import Session |
|
28 | from rhodecode.model.meta import Session | |
| 29 | import logging |
|
29 | import logging | |
| 30 | import traceback |
|
30 | import traceback | |
| 31 | log = logging.getLogger(__name__) |
|
31 | log = logging.getLogger(__name__) | |
| 32 |
|
32 | |||
| 33 |
|
33 | |||
| 34 | class PermissionModel(object): |
|
34 | class PermissionModel(object): | |
| 35 |
|
35 | |||
| 36 | def __init__(self): |
|
36 | def __init__(self): | |
| 37 | self.sa = Session() |
|
37 | self.sa = Session() | |
| 38 |
|
38 | |||
| 39 | def get_permission(self, permission_id, cache=False): |
|
39 | def get_permission(self, permission_id, cache=False): | |
| 40 | perm = self.sa.query(Permission) |
|
40 | perm = self.sa.query(Permission) | |
| 41 | if cache: |
|
41 | if cache: | |
| 42 | perm = perm.options(FromCache("sql_cache_short", |
|
42 | perm = perm.options(FromCache("sql_cache_short", | |
| 43 | "get_permission_%s" % permission_id)) |
|
43 | "get_permission_%s" % permission_id)) | |
| 44 | return perm.get(permission_id) |
|
44 | return perm.get(permission_id) | |
| 45 |
|
45 | |||
| 46 | def get_permission_by_name(self, name, cache=False): |
|
46 | def get_permission_by_name(self, name, cache=False): | |
| 47 | perm = self.sa.query(Permission)\ |
|
47 | perm = self.sa.query(Permission)\ | |
| 48 | .filter(Permission.permission_name == name) |
|
48 | .filter(Permission.permission_name == name) | |
| 49 | if cache: |
|
49 | if cache: | |
| 50 | perm = perm.options(FromCache("sql_cache_short", |
|
50 | perm = perm.options(FromCache("sql_cache_short", | |
| 51 | "get_permission_%s" % name)) |
|
51 | "get_permission_%s" % name)) | |
| 52 | return perm.scalar() |
|
52 | return perm.scalar() | |
| 53 |
|
53 | |||
| 54 | def update(self, form_result): |
|
54 | def update(self, form_result): | |
| 55 | perm_user = self.sa.query(User)\ |
|
55 | perm_user = self.sa.query(User)\ | |
| 56 | .filter(User.username == form_result['perm_user_name']).scalar() |
|
56 | .filter(User.username == form_result['perm_user_name']).scalar() | |
| 57 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() |
|
57 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() | |
| 58 | if len(u2p) != 3: |
|
58 | if len(u2p) != 3: | |
| 59 | raise Exception('Defined: %s should be 3 permissions for default' |
|
59 | raise Exception('Defined: %s should be 3 permissions for default' | |
| 60 | ' user. This should not happen please verify' |
|
60 | ' user. This should not happen please verify' | |
| 61 | ' your database' % len(u2p)) |
|
61 | ' your database' % len(u2p)) | |
| 62 |
|
62 | |||
| 63 | try: |
|
63 | try: | |
| 64 | #stage 1 change defaults |
|
64 | #stage 1 change defaults | |
| 65 | for p in u2p: |
|
65 | for p in u2p: | |
| 66 | if p.permission.permission_name.startswith('repository.'): |
|
66 | if p.permission.permission_name.startswith('repository.'): | |
| 67 | p.permission = self.get_permission_by_name( |
|
67 | p.permission = self.get_permission_by_name( | |
| 68 | form_result['default_perm']) |
|
68 | form_result['default_perm']) | |
| 69 | self.sa.add(p) |
|
69 | self.sa.add(p) | |
| 70 |
|
70 | |||
| 71 | if p.permission.permission_name.startswith('hg.register.'): |
|
71 | if p.permission.permission_name.startswith('hg.register.'): | |
| 72 | p.permission = self.get_permission_by_name( |
|
72 | p.permission = self.get_permission_by_name( | |
| 73 | form_result['default_register']) |
|
73 | form_result['default_register']) | |
| 74 | self.sa.add(p) |
|
74 | self.sa.add(p) | |
| 75 |
|
75 | |||
| 76 | if p.permission.permission_name.startswith('hg.create.'): |
|
76 | if p.permission.permission_name.startswith('hg.create.'): | |
| 77 | p.permission = self.get_permission_by_name( |
|
77 | p.permission = self.get_permission_by_name( | |
| 78 | form_result['default_create']) |
|
78 | form_result['default_create']) | |
| 79 | self.sa.add(p) |
|
79 | self.sa.add(p) | |
|
|
80 | ||||
| 80 | #stage 2 update all default permissions for repos if checked |
|
81 | #stage 2 update all default permissions for repos if checked | |
| 81 |
if form_result['overwrite_default'] == |
|
82 | if form_result['overwrite_default'] == True: | |
| 82 | for r2p in self.sa.query(RepoToPerm)\ |
|
83 | for r2p in self.sa.query(RepoToPerm)\ | |
| 83 | .filter(RepoToPerm.user == perm_user).all(): |
|
84 | .filter(RepoToPerm.user == perm_user).all(): | |
| 84 | r2p.permission = self.get_permission_by_name( |
|
85 | r2p.permission = self.get_permission_by_name( | |
| 85 | form_result['default_perm']) |
|
86 | form_result['default_perm']) | |
| 86 | self.sa.add(r2p) |
|
87 | self.sa.add(r2p) | |
| 87 |
|
88 | |||
| 88 | #stage 3 set anonymous access |
|
89 | #stage 3 set anonymous access | |
| 89 | if perm_user.username == 'default': |
|
90 | if perm_user.username == 'default': | |
| 90 | perm_user.active = bool(form_result['anonymous']) |
|
91 | perm_user.active = bool(form_result['anonymous']) | |
| 91 | self.sa.add(perm_user) |
|
92 | self.sa.add(perm_user) | |
| 92 |
|
93 | |||
| 93 |
|
94 | |||
| 94 | self.sa.commit() |
|
95 | self.sa.commit() | |
| 95 | except: |
|
96 | except: | |
| 96 | log.error(traceback.format_exc()) |
|
97 | log.error(traceback.format_exc()) | |
| 97 | self.sa.rollback() |
|
98 | self.sa.rollback() | |
| 98 | raise |
|
99 | raise | |
General Comments 0
You need to be logged in to leave comments.
Login now